Cryptography for Internet and Database Applications Developing Secret and Public Key Techniques with Java™ Nick Galbreath Cryptography for Internet and Database Applications Cryptography for Internet and Database Applications Developing Secret and Public Key Techniques with Java™ Nick Galbreath Publisher: Bob Ipsen Editor: Carol A Long Developmental Editor: Adaobi Obi Managing Editor: Micheline Frederick New Media Editor: Brian Snapp Text Design & Composition: Wiley Composition Services Designations used by companies to distinguish their products are often claimed as trademarks In all instances where Wiley Publishing, Inc., is aware of a claim, the product names appear in initial capital or ALL CAPITAL LETTERS Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration This book is printed on acid-free paper ∞ Copyright © 2002 by Nicholas Galbreath All rights reserved Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470 Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspointe Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: permcoordinator@wiley.com Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose No warranty may be created or extended by sales representatives or written sales materials The advice and strategies contained herein may not be suitable for your situation You should consult with a professional where appropriate Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002 Wiley also publishes its books in a variety of electronic formats Some content that appears in print may not be available in electronic books Library of Congress Cataloging-in-Publication Data: ISBN: 0-471-21029-3 Printed in the United States of America 10 Contents Preface xiii Introduction Chapter xv Bits and Bytes General Operations Number Bases Bits and Bytes Signed Bytes Bitwise Operators Complementation or Bitwise NOT Bitwise AND Bitwise OR Bitwise Exclusive OR (XOR) Left-Shift Right-Shift Special Operations and Abbreviations Packed Words Integers and Endian Notation Java Numerics Basic Types Type Conversion Unsigned to Signed Conversions Overflow Arrays Numeric Classes 1 4 6 8 10 11 12 13 14 15 17 17 18 20 v vi Contents Booleans and BitFields Chars Working with Bytes Sign Problems Conversion of Integral Types to Byte Arrays Converting to Hex Strings BigInteger Creating and Converting BigInteger and Cryptography Secret Methods in BigInteger Chapter Secret Key Cryptography Symmetric Block Ciphers Cipher Properties Security Properties Brute-Force Attacks Other Attacks Common Block Ciphers Data Encryption Standard (DES) Triple DES Blowfish IDEA RC5 Rijndael and the Advanced Encryption Standard (AES) Twofish RC6 Ciphers You Shouldn’t Use Password XOR Schemes Classical Cryptography ROT 13 Padding Fixed-Value Padding Random Padding PKCS Padding Modes of Operations Initialization Vectors Electronic Codebook Mode (ECB) Cipher Block Chaining Mode (CBC) Cipher Feedback Mode (CFB) Output Feedback Mode (OFB) Counter Mode (CTR) Propagating CBC (PCBC) Mode Key Wrapping Triple DES KEY Wrapping AES Key Wrapping Turning Passwords into Keys 21 22 22 22 24 25 28 29 31 31 35 35 36 36 37 37 39 39 40 41 43 43 44 46 47 47 47 48 49 49 49 50 50 51 51 53 54 56 58 60 60 61 61 62 63 Contents Hashes Cryptographic Hashes Collisions Attacks Algorithms The MD Family The SHA Family The RIPE-MD Family Hash Standards and Practices Hashed Message Authentication Codes (HMACs) The Standard HMAC Legacy Concatenation Schemes HMAC Standards and Practices Chapter 64 65 66 67 69 71 71 72 73 74 74 75 76 Summary 76 Public Key Cryptography Public Key Ciphers 77 77 Other Systems Digital Signatures Key Agreements Zero-Knowlege Schemes Secret Sharing Public Key Security Classification Fundamental Mathematics Prime Numbers The Distribution of Prime Numbers Prime Testing Probabilistic Tests Sequence-Based Tests Elementary Number Theory Modular Arithmetic Additive Groups Multiplicative Groups Fields Rings Orders and Generators Public Key Encryption and Major PKCS Categories RSA and Integer Factorization Factoring The RSA Problem The Algorithm Message Representation and OAEP In Practice and Standards Choice of Parameters Discrete Logarithm Systems Underlying Mathematics The Algorithm Standards and Practice 79 79 79 79 80 80 82 82 83 84 85 87 88 88 89 89 90 90 90 91 92 92 94 94 96 98 98 100 100 103 106 vii 386 Index CTR (Counter Mode), 52, 60 currentTimeMillis method, 152, 283 customer service, 220, 274 CV2 (card verification value) system, 248 D database fields, 256–257 databases asymmetric data usage and, 255–256 birth-date information and, 250–251 constraints and, 251–255 credit card numbers and, 247–250 described, 241–243 indexing, 251–255 null values and, 256–258 passwords and, 245–246 searching, 251–255 selecting ciphers for, 243–245 Data Encryption Standard See also DES (Data Encryption Standard) data types boolean, 21 char, 22, 238, 259, 262–263, 272 double, 13–16, 18, 21 float, 13–18, 21 long, 13–17, 21–22, 145, 155, 204, 239, 263 primitive, 14–15, 79 short, 13–16, 21 string, 29–30, 239, 258, 271, 272 See also byte data type; int data type debugging, 21, 139–140, 238 See also errors decimal (base 10) encoding, 2–3, 29, 214–216, 300–304 decryption brute-force attacks and, 37 CFB mode and, 56–58 cipher properties and, 36 CTR mode and, 60 described, 35 DES and, 41 eliminating the need for, 242 initialization vectors and, 51–52 n-block mode and, 210 OFB mode and, 58–59 PCBC mode and, 60 public key cryptography and, 94–95 RC5 and, 43–44 RSA and, 94–95 secret key management and, 265, 268–269 secure memory management and, 261 Deflate class, 206–207 deflate method, 206 DES (Data Encryption Standard) cipher Blowfish as a replacement for, 41–42 brute-force attacks and, 37 described, 39–41 IDEA and, 43 Rijndael cipher and, 44 secure memory management and, 253 Spec classes and, 193 Sun providers and, 168 See also TDES (Triple DES) cipher DESKeySpec class, 193, 317–318 deterministic key selection, 252–253 /dev/random system, 135, 136 /dev/urandom system, 136 DHEAS encryption, 105–106, 188 DHGenParameterSpec class, 319 DHKey class, 319–320 DHParameterSpec class, 319 DHPrivateKey class, 320 Index DHPrivateKeySpec class, 320 DHPublicKey class, 320–321 DHPublicKeySpec class, 321 dictionary attacks, 52, 67–69 size requirements, 217–219 DIEHARD, 120 differential analysis, 38 Diffie-Hellman Discrete Logarithm, 109 Key Agreement, 184–186, 188 Key Exchange Protocol, 102, 104, 168 DigestException class, 321 DigestInputStream class, 172–173, 180, 321–322 digest method, 172 DigestOutputStream class, 173, 322 Digital Signature Algorithm See DSA (Digital Signature Algorithm) digital signatures, 79, 123–124, 161 See also DSA (Digital Signature Algorithm) Dihedral Group D5, 224–226 division operation, 28–29 doFinal method, 179, 270–271, 280 domain parameters, 103, 110–111 Double class, 18, 21, 322–323 double data type, 13–16, 18, 21 doubleValue method, 20, 30 dropped bits, 59 blocks, 58, 59 DSA (Digital Signature Algorithm), 123–124, 168, 186, 197 DSAKey class, 323 DSAKeyPairGenerator class, 323–324 DSAParameterSpec class, 324 DSAParams class, 324–325 DSAPrivateKey class, 325 DSAPrivateKeySpec class, 325 DSAPublicKey class, 325 DSAPublicKeySpec class, 326 E ECB (Electronic Codebook Mode), 52, 53–54, 210 logging and, 279 secure memory management and, 244–245 Sun providers and, 168 transformations and, 177–178 ECC (Elliptic Curve Cryptosystem), 91, 105–112, 115, 188 ECDLP (Elliptic Curve Discrete Logarithmic Problem), 109 ECPP (Elliptic Curve Primality Proving), 85 EGD (Entropy Generating Daemon), 137–142, 147, 149, 156 Electronic Codebook Mode See ECB (Electronic Codebook Mode) ElGamal encryption, 91, 100, 102–106 e-mail, 137, 230–232 EncodedKeySpec class, 326 encodeGeneral method, 291 EncryptedPrivateKeyInfo class, 201, 326–327 Endian notation, 12–13, 69, 71, 72 engine classes core, 171–185 list of, 162 standard names for, 165–168 entropy accessing, 134–135 collecting, 150–158 pools, 135, 150–151, 156, 157 random numbers and, 119, 134–135, 139, 142, 150–158 Entropy Generating Daemon See EGD (Entropy Generating Daemon) 387 388 Index ENT testing package, 120 equal sign (=), 231 errors compiler, 16, 23 handling, 163–164 logging and, 278 propagation of, 51 small message encoding and, 221, 222, 224, 226 See also exceptions Euclidean algorithm, 94, 113 EUROCRYPT conferences, 377 exceptions ClassNotFoundException, 182 ExemptionMechanismException, 328 GeneralSecurityException, 163–164, 329 IllegalBlockSizeException, 329 IllegalStateException, 163–164, 329–330 InvalidParameterSpecException, 332 KeyException, 334 KeyManagementException, 337 NoSuchAlgorithmException, 344 NoSuchPaddingException, 344–345 NoSuchProviderException, 345 RuntimeException, 163–164 ShortBufferException, 179, 360 SignatureException, 361 UnrecoverableKeyException, 363–364 See also errors ExemptionMechanism class, 162, 327–328 ExemptionMechanismException, 328 ExemptionMechanismSpi class, 328–329 expiration dates, 247, 249–250, 283–285 exponentiation, 29, 88, 94, 101 external sources, reading, 156 F factorization, 92–100, 102 fast query string parsing, 290–295 Federal Information Processing Standard See FIPS (Federal Information Processing Standard) Federal Reserve, 224 feedback mode, 179 Feistel structure, 40, 47 Ferguson, Niels, 45 Fibonacci sequence, 87 fields binary, 110, 112 database, 256–257 elliptic curves over, 108–110 generators for, 101 modular arithmetic and, 90 prime, 108–109, 112 types of, comparison of, 112 FilterInputStream class, 172, 180 FilterOutputStream class, 172, 180 finalize method, 259, 265 FIPS (Federal Information Processing Standard), 39, 41, 73–74, 121–124, 369–370 flipBit method, 29 flip bit operation, 29–30 Float class, 21 float data type, 13–18, 21 floatValue method, 20, 30 flush method, 181 FORTRAN, 120 forward slash (/), 231 four zeros rule, 236 FreeBSD, 135 Freedom of Information Act, 48 Friedman, William, 48 Frobenius test, 87 G Galois fields, 110 games, 148–149 GCD (greatest common denominator), 82–83, 103–104, 111, 114 Index Geiger counters, 143 GeneralSecurityException, 163–164, 329 generateSecret method, 185 generators, 90–91, 101 Germany, 227 getAlgorithm method, 186, 191, 192 getBytes method, 147 getEncoded method, 186, 189, 191–192, 194, 265 getFormat method, 187, 189, 191, 192 get function, 262 getHostAddress method, 152 getInstance method, 161–162, 177–178, 180, 183, 194–195, 198 getKey method, 260 getMacLength method, 174 getObject method, 182 getOutputSize method, 179 getProvider method, 187 getSeed method, 147 getValue method, 234 Goldberg, Ian, 120 GOST algorithm, 42 GPG (GNU PrivacyGuard), 137 greatest common denominator See GCD (greatest common denominator) grocery industry, 223–224 GUI (graphical user interface) applications, 272 H Hall, Chris, 45 hamming weight, 207 hardware, secure, 263 hash algorithms comparison of, 69–70 described, 69–74 standards and practices for, 73–74 hashCode method, 152 Hashed Message Authentication Code See HMAC (Hashed Message Authentication Code) hashes attacks and, 67–69 collisions and, 66–67 described, 64–74 requirements for, 65–66 hexadecimal (base 16) format, 5, 9, 13, 29–30, 215 conversion to, 25–27 described, 2–3 small message encoding and, 216, 227, 238 hexDecode table, 26–27 hidden methods, 31–33 HMAC (Hashed Message Authentication Code), 74–76, 287 DHEAS and, 105 MAC class and, 173–174 Sun providers and, 168 HotBits, 143 HTML (HyperText Markup Language), 278 HTTP (HyperText Transfer Protocol), 142, 268, 298 hyphen (-), 231 I IAIK-JCE, 169 IBM (International Business Machines), 45, 143 IDEA cipher, 39, 43 identity property, 89, 90 IEEE (Institute of Electrical and Electronics Engineers), 32, 86 802.11b standard, 126 1363 standard, 106, 112, 115, 168, 358, 372–373 IETF (Internet Engineering Task Force), 370–371 IllegalBlockSizeException, 329 IllegalStateException, 163–164, 330 IND (indistinguishability) principle, 80–82 independence, 65, 159 389 390 Index inetd (Internet services daemon), 137 Infinity value, 17–18 Inflate class, 206–207 inflate method, 206 initialization penalty, 42 initialization vectors See IVs (initialization vectors) InitJCE class, 170 init method, 170–171, 189 Institute of Electrical and Electronics Engineers See IEEE (Institute of Electrical and Electronics Engineers) int data type, 13–18, 21, 128 See also integers conversion to/from, 22, 24–25 packed words and, 11 small message encoding and, 213, 228, 237, 239 small message encryption and, 204 Integer class, 20, 21, 330 integers, 12–13, 22 See also int data type division operation for, 28–29 factorization of, 92–100 interpretation of bytes as, 3–4 Java numerics model and, 13–33 public key cryptography and, 92–100 Intel RNG, 136 International Standards Organization See ISO (International Standards Organization) Internet Engineering Task Force See IETF (Internet Engineering Task Force) interoperability, 159 intValue method, 20, 30 InvalidKeyException class, 330–331 InvalidKeySpecException class, 331 InvalidParameterException class, 331 InvalidParameterSpecException class, 332 inverse mapping, 26 inverse property, 89, 90 IPv6 (Internet Protocol version 6), 236 ISAN (International Standard Audiovisual Number), 227 ISBN (International Standard Book Number), 224 ISO (International Standards Organization), 226–228, 291, 373–376 iteration counts, 63–74 IVParameterSpec class, 178, 332 IVs (initialization vectors), 51–52, 55, 58–59, 63, 120, 178 J JAR files, 161–162, 164 Java application events and, 156–157 AWT, 157, 272–273 base 64 encoding and, 231 certificates and, 162–163, 185–202 ciphers and, 171–182 compilers, 23, 238 Endian notation and, 13 engine classes, 161–162, 171–185 entropy and, 150–158 error handling and, 163–164 key agreement protocols, 184–185 number formats and, 1–13 numerics model, 13–33 packed words and, 11–12 parameters and, 162–163, 185–189 providers and, 164–171 race conditions and, 154–155 random numbers and, 144–158 right-shift operator and, 9–10 RMI, 268 secret-key cryptography and, 46 secure memory management in, 258–263 Index seeding and, 147–149 source encoding, 230, 237–240 standard names and, 165–168 system state sources and, 151–152 thread schemes and, 153–155 user events and, 157–158 Virtual Machine (JVM), 13, 151–153, 164, 171 Java Cryptography Architecture See JCA (Java Cryptography Architecture) Java Cryptography Extensions See JCE (Java Cryptography Extensions) java.io.serializable interface, 181 java.match package, 28 JavaScript, 221 java.security package, 161 java.util package, 18–20, 145 javax.crypto package, 160–161, 170–171 JCA (Java Cryptography Architecture), 159–161, 189–192, 197–200 JCE (Java Cryptography Extensions), 160–161, 170, 182, 272 JVM (Java Virtual Machine), 13, 151–153, 164, 171 K Kelsey, John, 45 Kerberos, 60 kernel, 136 KeyAgreement class, 162, 184–185, 333 key agreements, 103–106, 111, 160, 184–188 See also KeyAgreement class KeyAgreementSpi class, 334 Key class, 209, 264–265, 267, 333 KeyException, 334 KeyFactory class, 162, 163, 196, 335 KeyFactorySpi class, 336 KeyGenerator class, 162, 173, 194–195, 336 KeyGeneratorSpi class, 337 Key interface, 162–163 KeyManagementException, 337 KeyPaidGenerator class, 162, 167, 173, 195–197 KeyPair class, 337 KeyPairGenerator class, 337–338 KeyPairGeneratorSpi class, 338 key pairs, 94, 103–104, 195–197 See also keys keys algorithm-specific specifications for, 192–193 brute-force attacks and, 37 cipher properties and, 36–39 conversion of, 95, 194 conversion of passwords into, 63–64 DES, 39–41 encryption of, 197–200, 266–267 generation of, 94, 103–104, 111, 263 granting access to, 268–269 index bit, 283 Java and, 189–193, 197–200 RC5, 43–44 rolling, 242 size of, 37–41, 45–46 status flags for, 265 storage of, 267–268 unwrap process for, 62–63 wrapping, 61–63, 197–200 See also key agreements; key pairs KeySpec class, 162, 190, 197, 199, 265, 338–339 KeySpec interface, 190 KeyStore class, 162–163, 167, 264, 339–340 KeyStoreException class, 340 KeyStoreSpi class, 341 KeyTools Crypto, 169 391 392 Index Knuth, Donald E., 368 Kundsen, Lars, 45 L last names, storage of, 251 Lattice Basis Reduction, 100 lattices, 110, 114 Lauer, George J., 223 LavaRnd, 144 LCG (linear congruential generator), 122, 145 leading zeros, 21 leakage resistance, 65 least-significant bits See LSB (leastsignificant bits) left-shift (